WO2018063725A1 - System monitor - Google Patents

System monitor Download PDF

Info

Publication number
WO2018063725A1
WO2018063725A1 PCT/US2017/049471 US2017049471W WO2018063725A1 WO 2018063725 A1 WO2018063725 A1 WO 2018063725A1 US 2017049471 W US2017049471 W US 2017049471W WO 2018063725 A1 WO2018063725 A1 WO 2018063725A1
Authority
WO
WIPO (PCT)
Prior art keywords
sensor data
event
monitor
local
computing device
Prior art date
Application number
PCT/US2017/049471
Other languages
English (en)
French (fr)
Inventor
Chris Pavlas
Scott Dubal
Sharada SHIDDIBHAVI
Amritha NAMBIAR
Trevor Cooper
Robert Love
Calin Gherghe
Original Assignee
Intel Corporation
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Intel Corporation filed Critical Intel Corporation
Priority to DE112017005007.3T priority Critical patent/DE112017005007T5/de
Priority to CN201780053194.3A priority patent/CN109643348A/zh
Publication of WO2018063725A1 publication Critical patent/WO2018063725A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/0751Error or fault detection not based on redundancy
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/3003Monitoring arrangements specially adapted to the computing system or computing system component being monitored
    • G06F11/3006Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system is distributed, e.g. networked systems, clusters, multiprocessor systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/3058Monitoring arrangements for monitoring environmental properties or parameters of the computing system or of the computing system component, e.g. monitoring of power, currents, temperature, humidity, position, vibrations
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/552Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2201/00Indexing scheme relating to error detection, to error correction, and to monitoring
    • G06F2201/86Event-based monitoring
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/034Test or assess a computer or a system

Definitions

  • the present disclosure relates to a monitor, in particular to, a system monitor.
  • Predicting or detecting faults and/or security events in a computer system may rely on software methods. Even with roots-of-trust, certificates and other sophisticated schemes, attacks may be possible in a software -based system. For example, software-based systems may be interfered with and/or reprogrammed without the interference and/or reprogramming necessarily being detected. Further, detection may be compromised by the fault itself since the fault may impact correct execution of a software detection algorithm.
  • FIG. 1 illustrates a functional block diagram of a system that includes monitor circuitry, a plurality of sensors and a computing device consistent with several embodiments of the present disclosure
  • FIG. 2 illustrates a functional block diagram of a networked monitor system consistent with several embodiments of the present disclosure
  • FIG. 3 is a flowchart of monitor circuitry operations according to various embodiments of the present disclosure.
  • An apparatus, method and/or system includes monitor circuitry and one or more sensors incorporated in a computing device.
  • the sensors may be coupled to and/or integrated with each of a plurality of monitored elements (e.g., processor, memory, motherboard, external storage, etc.) of the computing device.
  • the monitor circuitry is configured to generate respective sensor data based, at least in part, on a respective sensor signal received from each sensor.
  • Sensor data may include, but is not limited to, a voltage, a current, a temperature, a voltage variation, a current variation, a temperature variation, a frequency and/or a frequency variation, etc.
  • the sensors may include, but are not limited to, a voltage sensor, a current sensor and/or a temperature sensor. Each sensor may be physically positioned on, in or near a respective monitored element and may be coupled to the monitor circuitry.
  • a voltage sensor may include electrical conductors, e.g., contacts, traces, that are coupled to the monitored element.
  • a current sensor may include a sense resistor.
  • a temperature sensor may include a thermistor, a thermocouple, a temperature sensing integrated circuit, etc.
  • a subset of the sensors may be spatially distributed across a monitored element and/or across the computing device. Thus, a "map" of sensor data may be generated for the monitored element and/or the computing device.
  • the monitor circuitry is further configured to identify an event based, at least in part, on the sensor data.
  • the event may be identified based, at least in part, on a comparison between local sensor data and stored sensor data retrieved from a monitor data store.
  • An event may include, but is not limited to, an actual security event, a precursor security event, an actual fault event and/or a precursor fault event.
  • An actual event is an event that is occurring or has occurred.
  • a precursor event is an event that may occur.
  • a precursor event may thus have an associated likelihood of occurrence in a time interval.
  • Security events may include, for example, an external network-based attack on a computing device, an internal virus, a Trojan, etc.
  • Fault events may correspond to, for example, failure of a monitored element failure, e.g., failure of one or more elements of processor, failure of a chipset, communication interface failure, an overvoltage condition, an overcurrent condition, an overtemperature condition, etc.
  • a monitored element failure e.g., failure of one or more elements of processor, failure of a chipset, communication interface failure, an overvoltage condition, an overcurrent condition, an overtemperature condition, etc.
  • the monitor circuitry may be further configured to select a response based, at least in part, on the identified event.
  • the response may include one or more of notify an end-user of the event, notify an administrator system of the event, isolate an element of the computing device, initiate migration of a workload, store the sensor data to a monitor data store and/or continue monitoring.
  • Generating the sensor data, identifying the event and selecting the response are configured to be independent of operation of an operating system (OS) and/or an application that may be executing on the computing device. In other words, operations of the monitor system (i.e., monitor circuitry and associated sensors) are not controlled by the OS.
  • OS operating system
  • a plurality of monitor systems each incorporated in a respective computing device, may be included in a networked monitor system.
  • Each monitor system may include a respective monitor circuitry and associated sensors.
  • the plurality of computing devices may be included in a data center.
  • the plurality of monitor circuitries may be coupled via a monitor network.
  • One or more of the monitor circuitries may be configured to transmit or receive remote sensor data to/from other of the plurality of monitor circuitries.
  • Each monitor circuitry may then be configured to identify the event further based, at least in part, on received remote sensor data.
  • an administrator system may be configured to generate a decision rule related to each event based, at least in part, on selected sensor data received from at least some of one or more of a plurality of monitor circuitries.
  • Each monitor circuitry may be configured to receive the decision rule from the administrator system.
  • Each monitor circuitry then may be configured to identify the event further based, at least in part, on the decision rule.
  • the decision rule may be generated utilizing one or more of a Bayesian network, a linear regression, a neural network, a machine learning technique and/or statistical analysis.
  • the decision rule may be generated based, at least in part, on sensor data and based, at least in part on the event associated with the sensor data, as described herein.
  • the decision rule may be generated based, at least in part, on, for example, a history of sensor data values that correspond to previously provided sensor data.
  • operations of the monitor system may not be susceptible to effects of corruption of the OS and/or an application nor to successful malware attacks on the OS and/or application(s) executing on the computing device.
  • the apparatus, method and/or system are configured to identify security and/or fault events based, at least in part, on sensor data. Identification of an event may be relatively fast, in part because the monitor circuitry, including monitor logic, is local to (i.e., is coupled to and/or integrated with) the computing device and, in part, because the monitor circuitry is implemented in circuitry.
  • FIG. 1 illustrates a functional block diagram of a system 100 consistent with several embodiments of the present disclosure.
  • System 100 includes monitor circuitry 102, a plurality of sensors 106 - 1,..., 106 - N and computing device 104.
  • Monitor circuitry 102 is coupled to and/or may be included in computing device 104.
  • Sensor 106 - 1 may be incorporated in monitor circuitry 102.
  • Sensors 106 - 2,..., 106 - N are incorporated in computing device 104.
  • "incorporated in” means coupled to and/or integrated with.
  • integrated with may correspond to being manufactured, e.g., fabricated, with a corresponding monitored element.
  • Computing device 104 may include, but is not limited to, a mobile telephone including, but not limited to a smart phone (e.g., iPhone®, Android®-based phone, Blackberry®,
  • a smart phone e.g., iPhone®, Android®-based phone, Blackberry®,
  • Symbian®-based phone, Palm®-based phone, etc. a wearable device (e.g., wearable computer, "smart” watches, smart glasses, smart clothing, etc.) and/or system; an Internet of Things (IoT) networked device including, but not limited to, a sensor system (e.g., environmental, position, motion, etc.) and/or a sensor network (wired and/or wireless); a computing system (e.g., a server, a workstation computer, a desktop computer, a laptop computer, a tablet computer (e.g., iPad®, GalaxyTab® and the like), an ultraportable computer, an ultramobile computer, a netbook computer and/or a subnotebook computer; etc.
  • IoT Internet of Things
  • Computing device 104 may include a subsystem 120, e.g., a motherboard, memory 122, a power source 124 and external storage 126.
  • Memory 122 is configured to store, and thus may include, an operating system (OS) 152 and one or more application(s), e.g., application 154.
  • OS operating system
  • application 154 application 154
  • Computing device 104 may further include a processor 130, a chipset 132 and a communication interface 134.
  • processor 130 may include one or more processing units, e.g., a special purpose processing unit 140 and one or more general purpose processing units, e.g., general purpose processing unit 142, one or more cache memories, e.g., cache 144, one or more I/O controllers, e.g., I/O controller 146, a memory controller 148 and one or more processor registers, e.g., processor register 150.
  • Special purpose processor 140 may include, but is not limited to, a graphics processing unit, a math coprocessor, etc.
  • Each general purpose processing unit 142 may correspond to a processing core that may include one or more hardware threads.
  • Each processor register, e.g., processor register 150 may be coupled to or included in a respective processing unit, e.g., general purpose processing unit 142.
  • Each element 120, 122, 124, 126, 130 (including elements 140, 142, 144, 146, 148, 150),
  • a status, i.e., "health" of each element may be indicated by one or more of temperature, voltage, current and/or variation thereof associated with each element, i.e., associated with each monitored element.
  • Corresponding sensor data associated with each monitored element may then be utilized to identify an event, as described herein.
  • Each element of computing device 104 may include one or more sensors incorporated in, i.e., coupled to and/or integrated with, the respective element.
  • Memory 122 may include sensor 106 - 2.
  • Power source 124 may include sensor 106 - 3.
  • External storage 126 may include sensor 106 - 4.
  • Processor 130 may include sensor 106 - 5.
  • Chipset 132 may include sensor 106 - 6.
  • Communication interface 104 may include sensor 106 - 7.
  • Special purpose processing unit 140 may include sensor 106 - 8.
  • General-purpose processing unit 142 may include sensor 106 - 9.
  • Cache memory 144 may include sensor 106 - 10.
  • I/O controller 146 may include sensor 106 - 11.
  • Register 150 may include sensor 106 - 12.
  • Memory controller 148 may include sensor 106 - 13.
  • Subsystem 120 may include one or more sensors, e.g., sensors 106 - 14,..., 106 - N.
  • sensors 106 - 14,..., 106 - N may be distributed over subsystem 120, e.g., positioned at various spatial locations.
  • the sensors 106 - 1,..., 106 - N may include, but are not limited to, voltage sensors, current sensors and/or temperature sensors, etc. Each sensor 106 - 1,..., 106 - N may be physically positioned on, in or near a respective monitored element 120, 122, 124, 126, 130 (including elements 140, 142, 144, 146, 148, 150), 132 and/or 134 and may be coupled to the monitor circuitry 102.
  • a voltage sensor may include electrical conductors, e.g., contacts and/or traces, that are coupled to, and/or integrated with, the monitored element.
  • a current sensor may include a sense resistor coupled to and/or integrated with the monitored element.
  • a temperature sensor may include a thermistor, a thermocouple, a temperature sensing integrated circuit, etc., positioned in, on or near the monitored element.
  • a subset of the sensors 106 - 1,..., and/or 106 - N may be spatially distributed across a monitored element and/or across the computing device 104.
  • a "map" of sensor data may be generated for the monitored element and/or the computing device.
  • the map may include sensor data associated with each sensor location.
  • Each sensor 106 - 1,..., 106 - N may have a corresponding sensor identifier configured to allow monitor circuitry 102 to identify the sensor and thus, a physical, i.e., spatial, location relative to a corresponding monitored element and/or the monitored element.
  • the sensor identifier may be provided to monitor circuitry 102 with the sensor signal and/or in response to a request (e.g., in response to a sensor command and/or control signal) from monitor circuitry 102.
  • Monitor circuitry 102 may be configured to receive a respective sensor signal from each sensor 106 - 1,..., 106 - N.
  • the sensor signal may include a voltage and/or a current.
  • Monitor circuitry 102 may then be configured to generate corresponding sensor data based, at least in part, on the received sensor signal.
  • Sensor data may include, but is not limited to, voltage, current, temperature, voltage variation, current variation, temperature variation, a frequency of a sensor signal, phase of a sensor signal, variation in frequency, variation in phase, etc.
  • sensor data may include an analog value and/or a digital representation of the analog value.
  • one or more of sensors 106 - 1,..., and/or 106 - N may be incorporated in the computing device 104 and may be coupled to and/or integrated with each of the plurality of monitored elements.
  • Monitor circuitry 102 includes monitor logic 110, monitor memory 112, monitor data store 114, detector circuitry 118 and a timer 119. Monitor circuitry 102 may further include monitor communication interface 116 and/or the sensor 106 - 1.
  • monitor circuitry 102 may correspond to an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA), a microcontroller, a system-on-a-chip (SoC) or the like.
  • ASIC application-specific integrated circuit
  • FPGA field-programmable gate array
  • SoC system-on-a-chip
  • Detector circuitry 118 is configured to receive a sensor signal and to generate
  • detector circuitry 118 may contain one or more of an analog to digital converter (ADC), an amplifier, a comparator (e.g., level and/or window), a multiplexer (MUX), a peak detector, a phase detector, a frequency detector, etc.
  • ADC analog to digital converter
  • comparator e.g., level and/or window
  • MUX multiplexer
  • peak detector e.g., phase detector
  • frequency detector e.g., a frequency detector, etc.
  • Detector circuitry 118 is configured to receive sensor signals, e.g., voltages and/or currents, from each sensor 106 - 1,..., 106 - N. Detector circuitry 118 may be further configured to process the received sensor signal, e.g., amplify, convert an analog signal to a digital representation, etc. The corresponding sensor data may then be stored to monitor data store 114.
  • the sensor data may be associated with a sensor identifier in, for example, a lookup table in monitor data store 114. Each sensor identifier may be associated with a monitored element identifier and/or a spatial position in computing device 104.
  • the sensor data may be associated with a timestamp provided by, e.g., timer 119.
  • sensors 106 - 1,..., 106 - N may be configured to detect a physical parameter, e.g., current, voltage, temperature, etc., and to output a sensor signal, e.g., a voltage and/or a current.
  • the voltage and/or current may then be provided to and received by detector circuitry 118 configured to generate corresponding sensor data.
  • the sensor data may then be stored to monitor data store 114 associated with a corresponding sensor identifier.
  • the sensor identifier may be associated with a spatial position in computing device 104 (e.g., subsystem 120 and/or processor 130) and/or a monitored element identifier.
  • Sensor data store 114 may be further configured to store a timestamp associated with each sensor data value. For example, the timestamp may be retrieved from timer 119.
  • Sensor data, sensor identifiers, position and/or monitored element identifiers and/or timestamps may then be utilized by monitor logic 110 to identify an event, as described herein.
  • Monitor logic 110 may be configured to identify an event based, at least in part, on sensor data.
  • the event may be identified based, at least in part, on a comparison between local sensor data and stored sensor data retrieved from a monitor data store. For example, test (i.e., local) sensor data may be compared to stored (e.g., legitimate, "known good") sensor data, stored to monitor data store 114.
  • Test sensor data may be generated based, at least in part, on a test sensor signal received from a corresponding sensor during operation of computing device 104.
  • An event may then be identified based, at least in part, on a comparison of the test sensor data and the stored sensor data.
  • An event may include, but is not limited to an actual security event, a precursor security event, an actual fault event and/or a precursor fault event.
  • An actual event is an event that is occurring or has occurred.
  • a precursor event is an event that may occur.
  • a precursor event may thus have a corresponding likelihood of occurrence in a time interval.
  • Security events may include, for example, an external network-based attack on computing device 104, an internal virus, a Trojan, etc.
  • Actual fault events may correspond to, for example, a monitored element failure, e.g., failure of one or more elements of processor 130, chipset 132 failure, communication interface 134 failure, an overvoltage condition, an overcurrent condition, an overtemperature condition, etc.
  • Precursor fault events may include an indicator that a monitored element is likely to fail in a time interval.
  • sensor 106 - 2 included in memory 122 may correspond to a plurality of voltage sensors. Sensor data may then correspond to a distribution of voltages across at least a portion of the memory 122. Sensor signals corresponding to the voltages may be received and corresponding sensor data generated during access to, e.g., a selected memory region included in the at least a portion of memory 122. Legitimate sensor data may be generated during known legitimate access to a selected memory region. For example, the legitimate sensor data may be generated during access by a legitimate application that yields a corresponding voltage distribution, i.e., signature. In another example, the legitimate sensor data may be generated during access by another legitimate application that is configured to provide a selected voltage distribution, i.e., a selected signature.
  • the legitimate sensor data may then be stored to monitor data store 114.
  • Monitor circuitry 102 may then be configured to receive test sensor signals (e.g., voltages) from sensor 106 - 2 and to generate corresponding test (i.e., local) sensor data, during operation of computing device 104.
  • test sensor signals e.g., voltages
  • monitor circuitry 102 may be configured to generate the test data when the selected memory region contains sensitive data.
  • Monitor logic 110 may then be configured to compare the local sensor data to the stored sensor data that corresponds to a signature. If the access to the selected memory region is not legitimate, the test sensor data may generate a different pattern of voltages, i.e., a different signature.
  • the monitor logic 110 may then identify an actual security event based, at least in part, on a comparison of the legitimate stored sensor data and the local test sensor data. Temperature distributions and sensor data that corresponds to temperature may similarly be utilized to generate "signatures" and to identify an event.
  • variation in voltage and/or current greater than a threshold may indicate that a monitored element is tending toward failure.
  • the variation in voltage and/or current greater than the threshold may correspond to a precursor fault event.
  • the voltage and/or current variations may be mapped to a physical, i.e., spatial, location in computing device 104 and, e.g., subsystem 120.
  • the spatial location and/or monitored element may be determined based on the sensor identifiers, for example, and, thus, the voltage and/or current variation (e.g., voltage or current gradient) may be associated with one or more elements of processor 130 (e.g., special purpose processing unit 140, general purpose processing unit 142, cache 144, I/O controller 136, processor registers 150 and/or memory controller 148).
  • processor 130 e.g., special purpose processing unit 140, general purpose processing unit 142, cache 144, I/O controller 136, processor registers 150 and/or memory controller 148.
  • the variation in voltage and/or current over time may be determined by, e.g., monitor logic 110.
  • the variation in voltage and/or current may be related to time and/or frequency.
  • a temperature value greater than a threshold may indicate that a monitored element is tending towards failure.
  • variation in temperature greater than a threshold may correspond to a precursor fault event.
  • temperature values may be mapped spatially over, e.g., computing device 104, subsystem 120 and/or processor 130.
  • a temperature gradient greater than a threshold between a plurality of locations may correspond to a precursor fault event.
  • Temperature variation over time may also be determined based, at least in part, on generated temperature data and based, at least in part, on timestamp data from, e.g., timer 119.
  • sensor data may be mapped spatially, i.e., according to position and/or location in or on computing device 104, and/or temporally, e.g., in the time domain and/or frequency domain.
  • the mapping may be determined by, e.g., monitor logic 110, based, at least in part, on sensor data, sensor identifiers and/or time information provided by, e.g., timer 119, and stored to monitor data store 114.
  • the mapping information may similarly be stored to monitor data store 114.
  • monitor data store 114 may be utilized by, e.g., monitor logic 110, to identify an event and to then select a corresponding response.
  • a voltage jitter i.e., a voltage variation over a selected time interval
  • a processor register e.g., register 150
  • BER bit error rate
  • a temperature gradient between spatial locations in computing device 104 above a threshold may correspond to a precursor fault event, i.e., may indicate that a monitored element is likely to fail in a finite time interval.
  • a variation in a communication signal, e.g., associated with, interface 134 may be associated with a
  • Monitor logic 110 may be configured to identify an event based, at least in part, on the sensor data. The event may be identified based, at least in part, on a comparison between local sensor data and stored sensor data retrieved from a monitor data store. Monitor logic 110 may then be further configured to select a response based, at least in part, on the identified event.
  • monitor data store 114 may be configured to store a nominal value and/or range of nominal values for sensor data, i.e., associated with each sensor 106 - 1,..., 106 - N. Sensor data outside of the nominal range and/or greater than a threshold difference between a nominal value and a generated sensor data value may correspond to an event.
  • the event may be identified based, at least in part, on a comparison between current (i.e., local) sensor data and previously generated (i.e., stored) sensor data.
  • the previously generated sensor data may be associated, for example, with a known previous event.
  • the previously generated sensor data may be associated with normal operating conditions.
  • monitor logic 110 may be configured to identify an event based, at least in part, on a plurality of types of sensor data.
  • Types of sensor data may include, but are not limited to, temperature, voltage, current, frequency as well as variations thereof.
  • monitor logic 110 may be configured to identify an event based, at least in part, on a
  • temperature, voltage, and/or variations thereof may be analyzed for a single monitored element, for a subsystem, e.g., subsystem 120, over a spatial region and/or over a time interval.
  • Monitor logic 110 may be configured to select a response based, at least in part, on the identified event. Responses may include but are not limited to notifying an end-user, notifying an administrator system, isolating a monitored element, storing local sensor data to the monitor data store 114, initiating migration of a workload and/or to continue monitoring. The response selected may be based, at least in part, on whether the event is an actual event or a precursor event. The response selected may be based, at least in part, on a policy.
  • monitor logic 110 may be configured to utilize data analytics to select a response. Data analytics is a technique that may be utilized to select an output based, at least in part, on an input. The input may be relatively simple, e.g., one identified event, or the input may be relatively complex, e.g., a history of identified events over a time period.
  • a response selected based, at least in part, on an event associated with a memory region may include quarantining the memory region.
  • the selected response may further include executing diagnostics on the quarantined memory region.
  • hardened, e.g., secure, circuitry may be configured to provide the quarantine and/or run the diagnostic tests.
  • the hardened circuitry may be configured to overwrite (i.e., "brick") some or all of the memory to thus prevent access to memory contents.
  • the response selected may include migrating a workload from a first computing device to a second computing device.
  • an associated area of the I/O device may be isolated.
  • the hardened, e.g., secure, circuitry may be configured to isolate the associated area of the I/O device.
  • the selected response may include storing generated sensor data that may then be utilized to improve future identification of an event.
  • a response selected based, at least in part, on an event with relatively minor effects may be different from the response selected based, at least in part, on an event with relatively more significant effects.
  • a fault event that corresponds to a failure of a computing device or an element of the computing device may result in a selected response that includes migrating a workload and/or notifying the administrator system.
  • a security event e.g., an internal virus, may result in selecting a response that includes notifying the end-user.
  • the decision rule is configured to relate sensor data and an event.
  • the selected response may be related to characteristics of the event, e.g., the severity of the effect of the event if the event occurs, likelihood an actual event associated with a precursor event will occur.
  • a decision rule may be configured to relate a voltage or a temperature greater than a corresponding threshold to a precursor fault event or an actual fault event.
  • a decision rule may be configured to relate a variation in sensor data values, e.g., voltages and/or temperatures, spatially and/or temporally to an event.
  • Spatially distributed sensor data values may correspond to, e.g., a topographical map that associates a sensor data value with the position in, e.g., computing device 104.
  • Temporally distributed sensor data values may correspond to one physical location and/or monitored element. Thus, an amount of sensor data that is input to a decision rule and a corresponding complexity of the decision rule may vary.
  • monitor logic 110 may be configured to identify an event based, at least in part, on the sensor data.
  • the event may be identified further based, at least in part, on a decision rule.
  • the decision rule is configured to relate sensor data to an event.
  • a decision rule output may be an event descriptor corresponding to an event when sensor data that correlates with the event is input to the decision rule.
  • the event descriptor may include an event identifier, a precursor event or actual event indicator, a security event or fault event indicator and a likelihood indicator for precursor events.
  • the likelihood indicator is configured to provide a likelihood that a corresponding actual event will occur in a time interval.
  • One or more decision rules may be determined by, e.g., an administrator system, as described herein. Monitor logic 110 may thus be configured to utilize one or more decision rules provided by an administrator system and stored to monitor sensor data store 114 when identifying an event based, at least in part, on sensor data.
  • FIG. 2 illustrates a functional block diagram of a networked monitor system 200 consistent with several embodiments of the present disclosure.
  • Networked monitor system 200 includes a plurality of monitor circuitries 202 - 1, 202 - 2,..., 202 - N, the plurality of computing devices 204 - 1, 204 - 2,..., 204 - N and a monitor network 210.
  • the plurality of computing devices 204 - 1, 204 - 2,..., 204 - N may be included in a data center.
  • Monitor network 210 is configured to couple the plurality of monitor circuitries 202 - 1, 202 - 2,..., 202 - N.
  • Each computing device 204 - 1, 204 - 2,..., 204 - N includes a respective plurality of sensors 206 - 1, 206 - 2,..., 206 - N.
  • Each computing device 204 - 1 , 204 - 2, ... , 204 - N corresponds to computing device 104 of FIG. 1.
  • Each respective plurality of sensors 206 - 1, 206 - 2,..., 206 - N corresponds to one or more of sensors 106 - 1,..., and/or 106 - N of FIG. 1.
  • one or more of the monitor circuitries 202 - 1, 202 - 2,..., and/or 202 - N may be configured to share event descriptors.
  • One or more of the monitor circuitries 202 - 1 , 202 - 2, ... , and/or 202 - N may be configured to identify a respective event based, at least in part, on local sensor data and based, at least in part, on remote sensor data received from one or more other monitor circuitries. Sharing sensor data is configured to facilitate "learning" by each monitor circuitry based, at least in part, on remote sensor data.
  • networked monitor system 200 may include an administrator system 208.
  • the administrator system 208 may be coupled to one or more of the plurality of monitor circuitries 202 - 1, 202 - 2,..., 202 - N by monitor network 210.
  • Administrator system 208 includes a processor 220, memory 222 and a communication interface 224.
  • Administrator system 208 may further include decision logic 226, management logic 228 and a sensor data store 230.
  • Administrator system 208 is configured to generate a decision rule related to an event based, at least in part, on selected sensor data received from at least some of the one or more of the plurality of monitor circuitries 202 - 1, 202 - 2,..., 202 - N.
  • management logic 228 may be configured to receive sensor data from one or more of the monitor circuitries 202 - 1, 202 - 2,..., 202 - N. Management logic 228 may be further configured to store the received sensor data to sensor data store 230. One or more of the monitor circuitries may be further configured to provide a respective event descriptor associated with the provided sensor data. For example, the event descriptor may correspond to an event that occurred prior to, at or within a time interval of a time associated sensor data was generated.
  • Decision logic 226 may be configured to process the received sensor data and associated event descriptor to generate a decision rule relating sensor data to the event that corresponds to the event descriptor.
  • decision logic 226 may be configured to implement one or more analysis techniques in order to identify a relationship between sensor data and an event.
  • the techniques may include, but are not limited to Bayesian network, a linear regression, a neural network, a machine learning technique and/or a statistical analysis. It may be appreciated that decision logic 226 may be relatively more powerful than monitor logic 110 of FIG. 1.
  • the analysis techniques may further identify selected sensor data types that correlated relatively more strongly than other sensor data types with an event.
  • Management logic 228 may then be configured to provide the identified decision rule to one or more of monitor circuitries 202 - 1, 202 - 2,..., 202 - N.
  • the decision rule is configured to facilitate identification of an event by each of the monitor circuitries based, at least in part, on sensor data and further based, at least in part, on the decision rule.
  • each decision rule may be configured to relate selected sensor data generated based, at least in part, on sensor signals received from at least some of the plurality of sensors to an event.
  • Each monitor circuitry may be configured to utilize the decision rule to identify an event based, at least in part, on sensor data. Utilizing a decision rule may be relatively faster than determining the decision rule. Thus, identifying an event based, at least in part, on sensor data may be performed by monitor circuitry that may be relatively less powerful then, e.g., administrator system 208.
  • monitor circuitry incorporated in a computing device may be configured to generate sensor data based, at least in part, on a sensor signal received from a sensor
  • Monitor circuitry may be further configured to identify an event (e.g., security and/or fault, actual or precursor) based, at least in part, on sensor data. A response may then be selected based, at least in part, on the identified event.
  • the generating, identifying and selecting may be independent of an OS and/or an application that may be executing on the computing device.
  • FIG. 3 is a flowchart 300 of monitor circuitry operations according to various
  • the flowchart 300 illustrates generating sensor data and identifying an event based, at least in part, on the sensor data.
  • the operations may be performed, for example, by monitor circuitry 102, e.g., detector circuitry 118, monitor logic 110 and/or monitor communication interface 116 of FIG. 1 and/or monitor circuitries 202 - 1 , 202 - 2, ... , 202 - N of FIG. 2.
  • Local sensor data may be generated based, at least in part, on a sensor signal received from a sensor incorporated in a local computing device at operation 304.
  • An event may be identified based, at least in part, on the local sensor data at operation 306.
  • remote sensor data may be received from at least one remote monitor circuitry at operation 308.
  • the event identified may be further based, at least in part, on the remote sensor data.
  • remote sensor data may not be received.
  • a decision rule may be received from an administrator system in operation 310.
  • the event identified may be further based, at least in part, on the decision rule.
  • the decision rule may not be received.
  • the decision rule may then be stored in a monitor data store at operation 312.
  • a response may be selected based, at least in part, on the identified event at operation 314.
  • Program flow may then continue in operation 316.
  • sensor data may be generated based, at least in part, on a sensor signal received from a sensor incorporated in a computing device.
  • An event may be identified based, at least in part, on the sensor data and a response may be selected based, at least in part, on the identified event.
  • FIG. 3 illustrates operations according to various embodiments, it is to be understood that not all of the operations depicted in FIG. 3 are necessary for other embodiments.
  • the operations depicted in FIG. 3 and/or other operations described herein may be combined in a manner not specifically shown in any of the drawings, and such embodiments may include less or more operations than are illustrated in FIG. 3.
  • claims directed to features and/or operations that are not exactly shown in one drawing are deemed within the scope and content of the present disclosure.
  • an apparatus, method and/or system may include monitor circuitry and one or more sensors incorporated in a computing device.
  • the sensors may be coupled to and/or integrated with each of a plurality of monitored elements (e.g., processor, memory, motherboard, external storage, etc.) of the computing device.
  • the monitor circuitry is configured to generate respective sensor data based, at least in part, on a respective sensor signal received from each sensor.
  • Sensor data may include, but is not limited to, a voltage, a current, a temperature, a voltage variation, a current variation, a temperature variation, a frequency and/or a frequency variation.
  • the monitor circuitry is further configured to identify an event based, at least in part, on the sensor data.
  • the monitor circuitry may be further configured to select a response based, at least in part, on the identified event.
  • the generating and identifying are independent of operations of an OS and/or an application that may be executing on the computing device.
  • operations of the monitor system may not be susceptible to effects of corruption of the OS and/or an application nor to successful malware attacks on the OS and/or application(s) executing on the computing device.
  • the apparatus, method and/or system are configured to identify security and/or fault events based, at least in part, on sensor data. Identification of an event may be relatively fast, in part because the monitor circuitry, including monitor logic, is local to the computing device and, in part, because the monitor circuitry is implemented in circuitry.
  • the term "logic” may refer to firmware and/or circuitry configured to perform any of the aforementioned operations.
  • Firmware may be embodied as code, instructions or instruction sets and/or data that are hard-coded (e.g., nonvolatile) in memory devices and/or circuitry.
  • Circuitry may comprise, for example, singly or in any combination, hardwired circuitry, programmable circuitry, state machine circuitry, logic and/or firmware that stores instructions executed by programmable circuitry.
  • the circuitry may be embodied as an integrated circuit, such as an integrated circuit chip.
  • circuitry may include an application- specific integrated circuit (ASIC), a field-programmable gate array (FPGA), a microcontroller, a system-on-a-chip (SoC) or the like
  • the processor may include one or more processor cores and may be configured to execute system software.
  • System software may include, for example, an operating system and/or an application.
  • Device memory may include I/O memory buffers configured to store one or more data packets that are to be transmitted by, or received by, a network interface.
  • the operating system may be configured to manage system resources and control tasks that are run on, e.g., client device 104 and/or administrator system 208.
  • the OS may be implemented using Microsoft® Windows®, HP-UX®, Linux®, or UNIX®, although other operating systems may be used.
  • the OS may be implemented using AndroidTM, iOS, Windows Phone® or BlackBerry®.
  • the OS may be replaced by a virtual machine monitor (or hypervisor) which may provide a layer of abstraction for underlying hardware to various operating systems (virtual machines) running on one or more processing units.
  • the operating system and/or virtual machine may implement one or more protocol stacks.
  • a protocol stack may execute one or more programs to process packets.
  • An example of a protocol stack is a TCP/IP (Transport Control Protocol/Internet Protocol) protocol stack comprising one or more programs for handling (e.g., processing or generating) packets to transmit and/or receive over a network.
  • TCP/IP Transport Control Protocol/Internet Protocol
  • Memory 112, 122 may each include one or more of the following types of memory: semiconductor firmware memory, programmable memory, non- volatile memory, read only memory, electrically programmable memory, random access memory, flash memory, magnetic disk memory, and/or optical disk memory. Either additionally or alternatively system memory may include other and/or later-developed types of computer-readable memory.
  • Embodiments of the operations described herein, e.g., of administrator system 208, may be implemented in a computer-readable storage device having stored thereon instructions that when executed by one or more processors perform the methods.
  • the processor may include, for example, a processing unit and/or programmable circuitry.
  • the storage device may include a machine readable storage device including any type of tangible, non-transitory storage device, for example, any type of disk including floppy disks, optical disks, compact disk read-only memories (CD-ROMs), compact disk rewritables (CD-RWs), and magneto-optical disks, semiconductor devices such as read-only memories (ROMs), random access memories (RAMs) such as dynamic and static RAMs, erasable programmable read-only memories (EPROMs), electrically erasable programmable read-only memories (EEPROMs), flash memories, magnetic or optical cards, or any type of storage devices suitable for storing electronic instructions.
  • ROMs read-only memories
  • RAMs random access memories
  • EPROMs erasable programmable read-only memories
  • EEPROMs electrically erasable programmable read-only memories
  • flash memories magnetic or optical cards, or any type of storage devices suitable for storing electronic instructions.
  • a hardware description language may be used to specify circuit and/or logic implementation(s) for the various logic and/or circuitry described herein.
  • the hardware description language may comply or be compatible with a very high speed integrated circuits (VHSIC) hardware description language (VHDL) that may enable semiconductor fabrication of one or more circuits and/or logic described herein.
  • VHSIC very high speed integrated circuits
  • VHDL may comply or be compatible with IEEE Standard 1076-1987, IEEE Standard 1076.2, IEEE 1076.1 , IEEE Draft 3.0 of VHDL-2006, IEEE Draft 4.0 of VHDL-2008 and/or other versions of the IEEE VHDL standards and/or other hardware description standards.
  • a Verilog hardware description language may be used to specify circuit and/or logic implementation(s) for the various logic and/or circuitry described herein.
  • the HDL may comply or be compatible with IEEE standard 62530-2011: SystemVerilog - Unified Hardware Design, Specification, and Verification Language, dated July 07, 2011; IEEE Std 1800TM-2012: IEEE Standard for SystemVerilog- Unified Hardware Design, Specification, and Verification Language, released February 21, 2013; IEEE standard 1364-2005: IEEE Standard for Verilog Hardware Description Language, dated April 18, 2006 and/or other versions of Verilog HDL and/or SystemVerilog standards. Examples
  • Examples of the present disclosure include subject material such as a method, means for performing acts of the method, a device, or of an apparatus or system related to a system monitor, as discussed below.
  • Example 1 there is provided an apparatus.
  • the apparatus includes detector circuitry and monitor logic local to a computing device.
  • the detector is circuitry to generate local sensor data based, at least in part, on a sensor signal received from a sensor incorporated in the local computing device.
  • the monitor logic is to identify an event based, at least in part, on the local sensor data. The generating and identifying are independent of operation of an operating system and/or an application executing on the local computing device.
  • Example 2 This example includes the elements of example 1, wherein the local sensor data includes a voltage, a current, a temperature, a voltage variation, a current variation, a temperature variation, a frequency or a frequency variation.
  • Example 3 This example includes the elements of example 1, wherein the event is selected from the group including an actual security event, a precursor security event, an actual fault event and a precursor fault event.
  • Example 4 includes the elements of example 1, wherein the detector circuitry is to generate local sensor data based, at least in part, on a plurality of sensor signals received from a plurality of sensors incorporated in the local computing device.
  • Example 5 includes the elements according to any one of examples 1 to 4, wherein the event is identified based, at least in part, on at least one of a distribution of local sensor data values across the local computing device, a distribution of local sensor data values over a time interval and/or a history of local sensor data values.
  • Example 6 includes the elements according to any one of examples 1 to 4, further including a monitor communication interface to receive remote sensor data from at least one remote monitor circuitry, each remote monitor circuitry to generate the remote sensor data based, at least in part, on a remote sensor signal received from a remote sensor incorporated in a respective remote computing device, the event identified further based, at least in part, on the remote sensor data.
  • Example 7 This example includes the elements according to any one of examples 1 to 4, wherein the monitor logic is further to select a response based, at least in part, on the identified event.
  • Example 8 This example includes the elements of example 7, wherein the response is selected from the group including notify an end-user, notify an administrator system, isolate an element of the computing device, store the local sensor data to a monitor data store, initiate migration of a workload and/or continue monitoring.
  • Example 9 This example includes the elements according to any one of examples 1 to 4, wherein the event is identified based, at least in part, on a comparison between the local sensor data and stored sensor data retrieved from a monitor data store.
  • Example 10 includes the elements according to any one of examples 1 to 4, further including a monitor data store; and a monitor communication interface to couple the monitor logic to an administrator system, the response selected based, at least in part, on a decision rule received from the administrator system and stored to the monitor data store.
  • Example 11 there is provided a system.
  • the system includes a plurality of sensors incorporated in a local computing device; detector circuitry and monitor logic local to the computing device.
  • the detector circuitry is to generate local sensor data based, at least in part, on a sensor signal received from at least one sensor.
  • the monitor logic is to identify an event based, at least in part, on the local sensor data. The generating and identifying are independent of operation of an operating system and/or an application executing on the local computing device.
  • Example 12. This example includes the elements of example 11, wherein the local sensor data includes a voltage, a current, a temperature, a voltage variation, a current variation, a temperature variation, a frequency or a frequency variation.
  • Example 13 This example includes the elements of example 11, wherein the event is selected from the group including an actual security event, a precursor security event, an actual fault event and a precursor fault event.
  • Example 14 This example includes the elements of example 11, wherein the detector circuitry is to generate local sensor data based, at least in part, on a plurality of sensor signals received from a plurality of sensors incorporated in the local computing device.
  • Example 15 This example includes the elements according to any one of examples 11 to 14, wherein the event is identified based, at least in part, on at least one of a distribution of local sensor data values across the local computing device, a distribution of local sensor data values over a time interval and/or a history of local sensor data values.
  • Example 16 This example includes the elements according to any one of examples 11 to 14, further including a monitor communication interface to receive remote sensor data from at least one remote monitor circuitry, each remote monitor circuitry to generate the remote sensor data based, at least in part, on a remote sensor signal received from a remote sensor incorporated in a respective remote computing device, the event identified further based, at least in part, on the remote sensor data.
  • Example 17 This example includes the elements according to any one of examples 11 to 14, wherein the monitor logic is further to select a response based, at least in part, on the identified event.
  • Example 18 This example includes the elements of example 17, wherein the response is selected from the group including notify an end-user, notify an administrator system, isolate an element of the computing device, store the local sensor data to a monitor data store, initiate migration of a workload and/or continue monitoring.
  • Example 19 This example includes the elements according to any one of examples 11 to 14, wherein the event is identified based, at least in part, on a comparison between the local sensor data and stored sensor data retrieved from a monitor data store.
  • Example 20 This example includes the elements according to any one of examples 11 to 14, further including a monitor data store; and a monitor communication interface to couple the monitor logic to an administrator system, the response selected based, at least in part, on a decision rule received from the administrator system and stored to the monitor data store.
  • Example 21 According to this example, there is provided a method.
  • the method includes generating by, detector circuitry, local sensor data based, at least in part, on a sensor signal received from a sensor incorporated in a local computing device; and identifying by, monitor logic local to the computing device, an event based, at least in part, on the local sensor data.
  • the generating and identifying are independent of operation of an operating system and/or an application executing on the local computing device.
  • Example 22 This example includes the elements of example 21, wherein the local sensor data includes a voltage, a current, a temperature, a voltage variation, a current variation, a temperature variation, a frequency or a frequency variation.
  • Example 23 This example includes the elements of example 21, wherein the event is selected from the group including an actual security event, a precursor security event, an actual fault event and a precursor fault event.
  • Example 24 This example includes the elements of example 21, further including generating by, the detector circuitry, local sensor data based, at least in part, on a plurality of sensor signals received from a plurality of sensors incorporated in the local computing device.
  • Example 25 This example includes the elements of example 21, wherein the event is identified based, at least in part, on at least one of a distribution of local sensor data values across the local computing device, a distribution of local sensor data values over a time interval and/or a history of local sensor data values.
  • Example 26 This example includes the elements of example 21, further including receiving by, a monitor communication interface, remote sensor data from at least one remote monitor circuitry, each remote monitor circuitry to generate the remote sensor data based, at least in part, on a remote sensor signal received from a remote sensor incorporated in a respective remote computing device, the event identified further based, at least in part, on the remote sensor data.
  • Example 27 This example includes the elements of example 21, further including selecting, by the monitor logic, a response based, at least in part, on the identified event.
  • Example 28 This example includes the elements of example 27, wherein the response is selected from the group including notify an end-user, notify an administrator system, isolate an element of the computing device, store the local sensor data to a monitor data store, initiate migration of a workload and/or continue monitoring.
  • Example 29 This example includes the elements of example 21, wherein the event is identified based, at least in part, on a comparison between the local sensor data and stored sensor data retrieved from a monitor data store.
  • Example 30 This example includes the elements of example 21, further including coupling, by a monitor communication interface, the monitor logic to an administrator system, the response selected based, at least in part, on a decision rule received from the administrator system and stored to a monitor data store.
  • Example 31 This example includes the elements of example 21, further including generating, by an administrator system, a decision rule related to the event based, at least in part, on selected sensor data received from at least some of one or more of a plurality of monitor circuitries, the administrator system coupled to the one or more of the plurality of monitor circuitries via a monitor network.
  • Example 32 This example includes the elements of example 31, wherein the decision rule is generated based, at least in part, on one or more of a Bayesian network, a linear regression, a neural network, a machine learning technique and/or a statistical analysis.
  • Example 33 there is provided a system.
  • the system includes a plurality of monitor circuitries and a monitor network coupling one or more of the plurality of monitor circuitries.
  • Each monitor circuitry includes detector circuitry and monitor logic local to the computing device.
  • the detector circuitry is to generate local sensor data based, at least in part, on a sensor signal received from a sensor incorporated in a local computing device.
  • the monitor logic is to identify an event based, at least in part, on the local sensor data. The generating and identifying are independent of operation of an operating system and/or an application executing on the local computing device.
  • Example 34 This example includes the elements of example 33, wherein the local sensor data includes a voltage, a current, a temperature, a voltage variation, a current variation, a temperature variation, a frequency or a frequency variation.
  • Example 35 This example includes the elements of example 33, wherein the event is selected from the group including an actual security event, a precursor security event, an actual fault event and a precursor fault event.
  • Example 36 This example includes the elements of example 33, wherein the detector circuitry is to generate local sensor data based, at least in part, on a plurality of sensor signals received from a plurality of sensors incorporated in the local computing device.
  • Example 37 This example includes the elements according to any one of examples 33 to 36, wherein the event is identified based, at least in part, on at least one of a distribution of local sensor data values across the local computing device, a distribution of local sensor data values over a time interval and/or a history of local sensor data values.
  • Example 38 This example includes the elements according to any one of examples 33 to 36, wherein each monitor circuitry further includes a monitor communication interface to receive remote sensor data from at least one remote monitor circuitry, each remote monitor circuitry to generate the remote sensor data based, at least in part, on a remote sensor signal received from a remote sensor incorporated in a respective remote computing device, the event identified further based, at least in part, on the remote sensor data.
  • Example 39 This example includes the elements according to any one of examples 33 to 36, wherein the monitor logic is further to select a response based, at least in part, on the identified event.
  • Example 40 Example 40.
  • Example 41 includes the elements according to any one of examples 33 to 36, wherein the event is identified based, at least in part, on a comparison between the local sensor data and stored sensor data retrieved from a monitor data store.
  • Example 42 This example includes the elements according to any one of examples 33 to 36, wherein each monitor circuitry further includes a monitor data store; and a monitor
  • Example 43 This example includes the elements according to any one of examples 33 to 36, further including an administrator system coupled to one or more of the plurality of monitor circuitries via the monitor network, the administrator system to generate a decision rule related to the event based, at least in part, on selected sensor data received from at least some of the one or more of the plurality of monitor circuitries.
  • Example 44 This example includes the elements of example 43, wherein the decision rule is generated based, at least in part, on one or more of a Bayesian network, a linear regression, a neural network, a machine learning technique and/or a statistical analysis.
  • Example 45 there is provided a device.
  • the device includes means for generating by, detector circuitry, local sensor data based, at least in part, on a sensor signal received from a sensor incorporated in a local computing device; and means for identifying by, monitor logic local to the computing device, an event based, at least in part, on the local sensor data.
  • the generating and identifying are independent of operation of an operating system and/or an application executing on the local computing device.
  • Example 46 This example includes the elements of example 45, wherein the local sensor data includes a voltage, a current, a temperature, a voltage variation, a current variation, a temperature variation, a frequency or a frequency variation.
  • Example 47 This example includes the elements of example 45, wherein the event is selected from the group including an actual security event, a precursor security event, an actual fault event and a precursor fault event.
  • Example 48 This example includes the elements of example 45, further including means for generating by, the detector circuitry, local sensor data based, at least in part, on a plurality of sensor signals received from a plurality of sensors incorporated in the local computing device.
  • Example 49 This example includes the elements according to any one of examples 45 to 48, wherein the event is identified based, at least in part, on at least one of a distribution of local sensor data values across the local computing device, a distribution of local sensor data values over a time interval and/or a history of local sensor data values.
  • Example 50 This example includes the elements according to any one of examples 45 to 48, further including means for receiving by, a monitor communication interface, remote sensor data from at least one remote monitor circuitry, each remote monitor circuitry to generate the remote sensor data based, at least in part, on a remote sensor signal received from a remote sensor incorporated in a respective remote computing device, the event identified further based, at least in part, on the remote sensor data.
  • Example 51 This example includes the elements according to any one of examples 45 to 48, further including means for selecting, by the monitor logic, a response based, at least in part, on the identified event.
  • Example 52 This example includes the elements of example 51, wherein the response is selected from the group including notify an end-user, notify an administrator system, isolate an element of the computing device, store the local sensor data to a monitor data store, initiate migration of a workload and/or continue monitoring.
  • Example 53 This example includes the elements according to any one of examples 45 to 48, wherein the event is identified based, at least in part, on a comparison between the local sensor data and stored sensor data retrieved from a monitor data store.
  • Example 54 This example includes the elements according to any one of examples 45 to 48, further including means for coupling, by a monitor communication interface, the monitor logic to an administrator system, the response selected based, at least in part, on a decision rule received from the administrator system and stored to a monitor data store.
  • Example 55 This example includes the elements according to any one of examples 45 to 48, further including means for generating, by an administrator system, a decision rule related to the event based, at least in part, on selected sensor data received from at least some of one or more of a plurality of monitor circuitries, the administrator system coupled to the one or more of the plurality of monitor circuitries via a monitor network.
  • Example 56 This example includes the elements according to any one of examples 45 to 48, wherein the decision rule is generated based, at least in part, on one or more of a Bayesian network, a linear regression, a neural network, a machine learning technique and/or a statistical analysis.
  • Example 57 there is provided a system.
  • the system includes at least one device arranged to perform the method of any one of examples 21 to 32.
  • a device there is provided a device.
  • the device includes means to perform the method of any one of examples 21 to 32.
  • Example 59 According to this example, there is provided a computer readable storage device.
  • the device has stored thereon instructions that when executed by one or more processors result in the following operations including: the method according to any one of examples 31 and 32.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Quality & Reliability (AREA)
  • Software Systems (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Mathematical Physics (AREA)
  • Debugging And Monitoring (AREA)
  • Testing Or Calibration Of Command Recording Devices (AREA)
PCT/US2017/049471 2016-09-30 2017-08-30 System monitor WO2018063725A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
DE112017005007.3T DE112017005007T5 (de) 2016-09-30 2017-08-30 Systemmonitor
CN201780053194.3A CN109643348A (zh) 2016-09-30 2017-08-30 系统监测器

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US15/282,113 US20180097825A1 (en) 2016-09-30 2016-09-30 System monitor
US15/282,113 2016-09-30

Publications (1)

Publication Number Publication Date
WO2018063725A1 true WO2018063725A1 (en) 2018-04-05

Family

ID=61758555

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2017/049471 WO2018063725A1 (en) 2016-09-30 2017-08-30 System monitor

Country Status (4)

Country Link
US (2) US20180097825A1 (zh)
CN (1) CN109643348A (zh)
DE (1) DE112017005007T5 (zh)
WO (1) WO2018063725A1 (zh)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10674443B2 (en) 2017-08-18 2020-06-02 Blackberry Limited Method and system for battery life improvement for low power devices in wireless sensor networks
US10721683B2 (en) 2017-08-18 2020-07-21 Blackberry Limited Method and system for battery life improvement for low power devices in wireless sensor networks
US11382546B2 (en) * 2018-04-10 2022-07-12 Ca, Inc. Psychophysical performance measurement of distributed applications
EP3553686A1 (en) * 2018-04-12 2019-10-16 Gemalto Sa Method for activating sensors in a multi-unit device
US10810094B2 (en) * 2018-06-21 2020-10-20 Arm Limited Methods and apparatus for anomaly response
JP7345281B2 (ja) * 2019-05-31 2023-09-15 株式会社日立産機システム 監視装置、および監視システム
US11709275B2 (en) * 2019-07-09 2023-07-25 Xilinx, Inc. Root monitoring on an FPGA using satellite ADCs
JP2022540420A (ja) * 2019-07-09 2022-09-15 ザイリンクス インコーポレイテッド サテライトadcを使用したfpga上でのルートモニタリング
US10598729B1 (en) 2019-08-08 2020-03-24 Xilinx, Inc. Device monitoring using satellite ADCs having local voltage reference
US11271581B1 (en) 2020-05-18 2022-03-08 Xilinx, Inc. Time-multiplexed distribution of analog signals
JP7327354B2 (ja) * 2020-11-04 2023-08-16 トヨタ自動車株式会社 情報処理システム、情報処理方法、及び、プログラム

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006133043A2 (en) * 2005-06-06 2006-12-14 Intel Corporation Wireless medical sensor system
US20120063270A1 (en) * 2010-09-10 2012-03-15 Pawcatuck, Connecticut Methods and Apparatus for Event Detection and Localization Using a Plurality of Smartphones
US20130141232A1 (en) * 2002-05-04 2013-06-06 Richman Technology Corporation System for real time security monitoring
US20140168825A1 (en) * 2012-12-18 2014-06-19 Hamilton Sundstrand Corporation Hardware-based, redundant overvoltage protection
US20150381094A1 (en) * 2014-06-25 2015-12-31 Nidec Motor Corporation Independent pathways for detecting fault condition in electric motor

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080088441A1 (en) * 2002-06-11 2008-04-17 Intelligent Technologies International, Inc. Asset Monitoring Using the Internet
US7877621B2 (en) * 2004-09-03 2011-01-25 Virginia Tech Intellectual Properties, Inc. Detecting software attacks by monitoring electric power consumption patterns
WO2010141826A2 (en) * 2009-06-05 2010-12-09 The Regents Of The University Of Michigan System and method for detecting energy consumption anomalies and mobile malware variants

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130141232A1 (en) * 2002-05-04 2013-06-06 Richman Technology Corporation System for real time security monitoring
WO2006133043A2 (en) * 2005-06-06 2006-12-14 Intel Corporation Wireless medical sensor system
US20120063270A1 (en) * 2010-09-10 2012-03-15 Pawcatuck, Connecticut Methods and Apparatus for Event Detection and Localization Using a Plurality of Smartphones
US20140168825A1 (en) * 2012-12-18 2014-06-19 Hamilton Sundstrand Corporation Hardware-based, redundant overvoltage protection
US20150381094A1 (en) * 2014-06-25 2015-12-31 Nidec Motor Corporation Independent pathways for detecting fault condition in electric motor

Also Published As

Publication number Publication date
US20200186553A1 (en) 2020-06-11
CN109643348A (zh) 2019-04-16
DE112017005007T5 (de) 2019-06-27
US20180097825A1 (en) 2018-04-05

Similar Documents

Publication Publication Date Title
US20200186553A1 (en) System monitor
EP2810403B1 (en) Remote trust attestation and geo-location of of servers and clients in cloud computing environments
US8627469B1 (en) Systems and methods for using acquisitional contexts to prevent false-positive malware classifications
EP3111364B1 (en) Systems and methods for optimizing scans of pre-installed applications
EP2810209B1 (en) Remote trust attestation and geo-location of servers and clients in cloud computing environments
US9485272B1 (en) Systems and methods for estimating confidence scores of unverified signatures
US9043922B1 (en) Systems and methods for determining malicious-attack exposure levels based on field-data analysis
US10200410B2 (en) Networked peer device round-robin security controller
US11334502B2 (en) Memory protection based on system state
US10284564B1 (en) Systems and methods for dynamically validating remote requests within enterprise networks
KR101801581B1 (ko) 머신 학습 스냅샷 평가를 포함하는 보호 시스템
US10068089B1 (en) Systems and methods for network security
US11836244B2 (en) Clone application detection mechanism for securing trusted execution environments against a malicious operating system
CN106716072B (zh) 用于校准数字传感器的设备以及方法
US11562066B2 (en) Memory tracking for malware detection
US10019577B2 (en) Hardware hardened advanced threat protection
US20180349650A1 (en) Security policy management for a plurality of dies in a system-on-chip
WO2018136087A1 (en) Multiple remote attestation service for cloud-based systems
US20200342109A1 (en) Baseboard management controller to convey data
US10318742B1 (en) Systems and methods for evaluating security software configurations
US20230127205A1 (en) Memory tracking for malware detection
US11592811B2 (en) Methods and apparatuses for defining authorization rules for peripheral devices based on peripheral device categorization
US20230261867A1 (en) Centralized volume encryption key management for edge devices with trusted platform modules
US10972477B1 (en) Systems and methods for performing micro-segmenting
Gautier et al. On-Device Detection via Anomalous Environmental Factors

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17857149

Country of ref document: EP

Kind code of ref document: A1

122 Ep: pct application non-entry in european phase

Ref document number: 17857149

Country of ref document: EP

Kind code of ref document: A1